Agenda

Registration

Welcome speech

Intelligent eCommerce Merchandising with Elasticsearch

How can we apply intelligence to search to allow merchants to provide optimised results to shoppers? This talk looks at the fundamentals of product search, the process of applying real-time scoring factors to produce personalised search results, and the business processes involved in setting up, tuning and evaluating an intelligent product search system.

GraalVM: High-Performance Polyglot Runtime

GraalVM is a universal virtual machine for running applications written in JVM-based languages like Java, or written in JavaScript, Python, Ruby, R, and LLVM-based languages such as C and C++. GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime. It can run either standalone or in the context of OpenJDK, Node.js, Oracle Database, or MySQL.

Workshop: NetSuite - the way you want it

Bitemporal Modeling: Patterns for building data models that, literally, stand the test of time

Talking about a decades-old technology may seem like an odd choice for a tech conference but the bitter truth is that the last application you designed probably does not handle the concept of time very well. Worse still, the next one will not be any better because the shortcomings are not obviously linked to the same root cause. In this presentation we will build a visual intuition of dealing with time in an information system that segues into an implementation pattern that does satisfy even advanced requirements. We will wrap up with some difficulties you may encounter in the real world and how to mitigate them. In future, you may build the solution yourself, use an off-the-shelf product or, this time knowingly, ignore the issue altogether but you will find it difficult to not think about the possibilities at stake.

Machine Learning and the Autonomous Database

We live in a world of over-hyped technologies, where “the next big thing” is always just around the corner. The greatest expectations today center on AI technologies. How are machine learning, AI, and autonomy going to change how we understand and deliver “big data”? This session gives a peek at new approaches, and attempts to weigh the promise of “new solutions to old problems” against the power of “old solutions to new problems”.

11.30 – 12.15

Petabyte-scale cloud services data processing with Splunk

Have confidence in your machine data platform at scale and remove the blind spots from your cloud journey, allowing you to focus on availability and security of mission-critical services. In this session, we'll cover processing and analyzing popular Cloud data sources at scale from sources such as Kafka, Kubernetes, and AWS Kinesis Firehose using the Splunk HTTP Event Collector (HEC), and Metrics indexes. Make sense of the data with the over 1700 free Splunkbase apps including Splunk Security Essentials and Splunk Essentials for Application Analytics. Customer success is at the heart of everything we do at Splunk. We help empower data-driven business transformation at the world’s largest companies, and help build the skills and careers of our passionate community advocates in SOCs, NOCs and datacenters around the world.

Moving to the cloud: modernizing for the transition to IaaS

Lots of good advice and technology exists for designing new applications for the cloud. So-called "cloud-native" designs can produce applications that are well-suited to both the advantages and disadvantages of abstraction over the compute layer. But when it comes to moving older applications to the cloud, changing the fundamental architecture is often a non-starter. This talk will explore approaches to modernizing legacy applications to make them cloud-ready, and the tradeoffs of mixing components of the modern cloud technology stack with legacy architectures.

12.15 – 13.30

Lunch

13.30 – 14.15

GraalVM: Polyglot Languages on the JVM

GraalVM can execute a multitude of language runtimes. This presentation will dive deeper into some of them, explain how GraalVM reaches compatibility with e.g. Node.js or Ruby, how programs can interact with each other, and how tooling can utilize this multi-language environment.

Let’s think about some of the challenges brought about by vulnerable technology/software. Cybercrime is growing at a faster rate than traditional crimes. It is now more lucrative to steal data (i.e., credit card numbers) than it is to rob a bank. And the world is responding – legislation and industry practices are changing to make software secure. Companies are investing in security programs, but what limits their effectiveness is the lack of participation, ownership, understanding, and accountability from the business.

Workshop: NetSuite - the way you want it

Accelerate Scaling through Tighter Security

Common-sense secure design principles say that adding more security forces a trade-off with efficiency. This talk will explore some tightly controlled environments that are capable of greater speed and scale than free and open environments.

Database Multi-tenant using Oracle Database

Multi-tenancy reminds one of living in a shared space and somehow managing to get the most out of it. Let’s explore how the Oracle multi-tenant architecture makes this possible in the database world. We will connect the dots between sharing a living space and sharing a database using Oracle Database.

15.20 – 16.05

A Decade of Building Security In and the BSIMM

The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is a study of existing software security initiatives. Starting a decade ago, the BSIMM authors began quantifying the software security practices of different organizations in order to describe the common ground they share, and to identify the variations that make each unique. In this talk, Jacob West describes the BSIMM, shares his experiences developing the model, and highlights ways the software security practice has evolved over his 15 year career.

Micro segmentation in a Cloud context

This talk discusses the relevance and applicability of micro segmentation in a cloud context. The talk will provide a perspective on the technology and process aspects, building a case for using a logical multi-dimensional label-based policy model and workload / host based enforcement.

16.15 – 17.00

Mind your binders

Mass assignment vulnerabilities, also known as over-posting or auto-binding vulnerabilities, have been a well-known issue in the application security community since 2011. Mass assignment has not been as popular as other vulnerability categories appearing in Top 10 lists, making it less understood in the developer community. The truth is that these kinds of vulnerabilities are more common than many people think and may allow attackers to overcome the application logic.
In this talk we will present mass assignment as a vulnerability type. We will show how it works, how it can be abused and, more importantly, how it can be prevented. Although this vulnerability may affect different frameworks and languages, we will focus on the Spring framework, especially on Spring MVC and Spring WebFlow applications. We will wrap up by showing some live examples and reviewing how it affects other frameworks and languages.

Czechitas

The tech world is facing a lack of qualified people. Many tech newcomers are self-taught and need help and support before being ready to join the tech talent pool. Czechitas is a non-profit organization that aims at promoting tech knowledge among kids, youth and women of any age. With the help of hundreds of tech professionals who teach with us, we have built an education platform where thousands of attendees have been able to find support with tech learning. In this talk, we will give an overview of our activities and the most successful projects.

17.10 – 17.30

Closing speech

17.30 – 22.00

Afterparty

Speakers

Sean Fay

Sean Fay is a Lead Architect in the Infrastructure group at Oracle NetSuite, where he is responsible for the core computing services that underpin NetSuite's highly reliable business cloud computing platform. In previous roles at Fortify Software and Hewlett-Packard, he worked on new techniques for applying static program analysis and runtime instrumentation to the problem of software security.

Alexandra Nassar

Alexandra works at Medallia - a customer experience management software company - as a Sr. Technical Program Manager supporting the security organization. She started her career as a project coordinator in the Dietary Supplement industry and made a big jump to software development in 2013, where she later became a certified Scrum Master (CSM) and practiced agile methodologies within the Security team at NetSuite. Although she enjoys the day-to-day operations, she is most thrilled by the challenges of rolling out large security programs within a company. She is sought out for her innovative ways to make security fun within an organization.

Rachelle Gaerlan

Rachelle is the Director of Compliance for Oracle's NetSuite global business unit. She manages the security and privacy compliance programs for all NetSuite services. She started her career as an IT Auditor and Technology Risk Consultant with EY, where she worked with multinational companies, reviewing their IT general controls and re-engineering business processes to improve efficiency. For the last 13 years, she has been focused on building programs and providing guidance on how to establish, maintain, and improve business process and controls to meet security and privacy obligations across different industries.

Christian Wirth

Christian Wirth is Research Manager with Oracle Labs. He joined Oracle in 2013 after finishing a PhD in Computer Science. Christian is responsible for the JavaScript and the Ruby implementation on top of GraalVM, bringing high performance language runtimes to the JVM.

Petr Chalupa

Petr Chalupa is a Principal Member of Technical Staff with Oracle Labs. He joined Oracle in 2015 after an eight year long career building complex Ruby applications. Petr contributes to the Ruby language implementation and the Truffle framework.

Alvaro Muñoz

Alvaro Muñoz (@pwntester) works as Principal Software Security Researcher with Micro Focus Fortify, Software Security Research (SSR). His research focuses on different programming languages and web application frameworks, searching for vulnerabilities or unsafe uses of APIs. Before joining the research team, he worked as an Application Security Consultant helping enterprises to deploy their application security programs. Muñoz has presented at many security conferences including BlackHat, Defcon, RSA, AppSec USA and EU, HP Protect, DISCCON, etc., and holds several infosec certifications, including OSCP, GWAPT and CISSP. Alvaro plays CTF games with the int3pids team. He blogs at http://www.pwntester.com/.

Jacob West

Jacob West is Vice President, Cloud Operations for the NetSuite business at Oracle. West leads research and development for technology to identify and mitigate security threats, particularly in the software layer of cloud deployments. West has over 15 years of experience developing, delivering, and monetizing innovative security solutions, beginning with static analysis research at the University of California, Berkeley and later as a security researcher at Fortify Software.
Prior to joining NetSuite, West served as Chief Technology Officer for Enterprise Security Products at Hewlett-Packard, where he founded and led HP Security Research. Earlier at HP, West served as Chief Technology Officer for Fortify and leader of Fortify Software Security Research.
A world-recognized expert on software security, West co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder Brian Chess in 2007. West is a member of the California Cybersecurity Task Force, co-authors the Building Security In Maturity Model (BSIMM), and is a frequent keynote speaker.
A graduate of the University of California, Berkeley, West holds dual-degrees in Computer Science and French and resides in San Francisco, California.

Bhavin Thakkar

Bhavin Thakkar is Principal Database Engineer at Oracle NetSuite. Passionate and patient when it comes to database tuning.
10+ years of development and engineering experience on a variety of database systems. Studied Master of Applied Science (Computer Systems) with majors in Database Systems from RMIT Melbourne (Australia).

Christopher Andrews

Chris Andrews trained to be an electrical engineer, but in the process found out that the Internet was a thing and was far more interesting. He became a sysadmin instead and then a developer, and has spent the last 15 years working on a number of different SaaS platforms. At Oracle NetSuite, he is a Senior Developer concerned with building scalable and extensible Commerce websites on the NetSuite platform.

Chris Blum

Chris Blum is a Co-founder of NetSuite and its former Chief Security Architect. His career spans three decades and several compute architectures. He wrote his first formal security paper entitled “Computer Crime” at the age of 13 in 1982 using an IBM Selectric II typewriter.

Bruno Krizan

Bruno is a Senior Manager in the Platform group at Oracle | NetSuite. He has over a decade of experience in building large scale enterprise information systems on top of the Oracle Database. For the last 6 years, he has been mostly focused on improving customizations of NetSuite’s data model and the audit of all data changes. This made the ability to store just about any unknown structure of data, in vast amounts, and still be able to easily access it, his as-yet-unfulfilled life goal.

Todd West

Todd West, Director of Database Engineering and Schema, is an Oracle database professional with 19 years of experience in performance optimization and design. His first performance optimization as a young adult involved extending the range and payload of model rockets. He still refuses to acknowledge “learning from failure”. When not tuning, he spends his time hiking, skiing, or tracking down obscure sources of information.

Ahmed Kira

Ahmed is a Solution Engineer at Splunk with subject matter expertise in Security & Cloud. He has supported many customers ranging from startups to large organizations. With over 20 years industry experience, Ahmed has assumed many hats ranging from professional services consultant, network engineer, and most recently as a solution architect at various vendors. Prior to Splunk, Ahmed architected network & application performance and security forensics solutions at CA Technologies and IBM. Ahmed is driven to make customers successful by exposing key performance indicators, visualizing traffic flows, and making sense of voluminous data.

Lenka Francu

Lenka is the Business and Production Manager for Brno at Czechitas, a non-profit organization that is inspiring and educating new talents, women and youth, in information technologies for stronger diversity and competitiveness in tech. She graduated in Applied Mathematics and Economics from the Faculty of Science at Masaryk University. After her studies, she traveled the world for about 2 years and gained valuable experience and perspective from different cultural and working environments. She came to Czechitas in August 2017. Now she is in charge of Business Development in Brno and, as the Project Manager, she leads the Digital Academy and Job Fair Czechitas. In her free time she is a mountain enthusiast and a yoga teacher.

Migchiel de Jong

Migchiel de Jong developed hardware and software for the nuclear medicine and nuclear industry for 10 years before joining Rational Software. During his 5 years at Rational Software (later acquired by IBM) he was involved in many software development process improvement projects, mainly in the embedded systems space. Over the last 15 years his focus has shifted to security, working at Fortify Software, Veracode, Tanium and currently Illumio.

EVENT DETAILS:

CONTESTS & WORKSHOPS

Suitebot

Do you want to let your code compete against others? Then you will love our SuiteBot tournament! In the tournament, you will be creating an AI for a simple game. You will code your bot, watch your bot fight other bots, improve the bot for the next round and maybe win some valuable prizes in the end! Plus you will have fun and learn some valuable programming skills.
To register and learn more details, please visit the SuiteBot webpage.

NetSuite – the way you want it

Would you like to learn how successful multinational companies run their business in the first cloud ERP system in the world? Are you keen to learn how to automate business processes using workflows? Join us to get hands-on experience in the following areas:

Order to Cash business process

Automation of business processes using SuiteFlow

Customization of documents using Advanced PDF

The workshop is intended primarily for fresh/soon-to-be graduates with a business or economics background. Bring your own laptop and we will give you access to a demo account where you can play! There will be a place for an individual contest with prizes as well :) Your friends are welcome to join.
Brno Impact Hub, Green Meeting room 9:30 – 16:00
Once you are registered for the DISC conference, please contact [email protected] for more details!

Register

Event is over. Thanks for attending!

Should you have any questions or need further information, please email [email protected]